The AWS Nitro System is the underlying platform for our next generation of EC2 instances that enables AWS to innovate faster, further reduce cost for our customers, and deliver added benefits like increased security and new instance types.
AWS has completely re-imagined our virtualization infrastructure. Traditionally, hypervisors protect the physical hardware and BIOS, virtualize the CPU, storage, and networking, and provide a rich set of management capabilities. With the Nitro System, we are able to break apart those functions, offload them to dedicated hardware and software, and reduce costs by delivering practically all of the resources of a server to your instances.
The Nitro System is a rich collection of building blocks that can be assembled in many different ways, giving us the flexibility to design and rapidly deliver EC2 instance types with an ever-broadening selection of compute, storage, memory, and networking options. This innovation also leads to bare metal instances where customers can bring their own hypervisor or have no hypervisor.
The Nitro System provides enhanced security that continuously monitors, protects, and verifies the instance hardware and firmware. Virtualization resources are offloaded to dedicated hardware and software, minimizing the attack surface. Finally, the Nitro System's security model is locked down and prohibits administrative access, eliminating the possibility of human error and tampering.
BETTER PERFORMANCE AND PRICE
The Nitro System delivers practically all of the compute and memory resources of the host hardware to your instances, resulting in better overall performance. Additionally, dedicated Nitro Cards enable high-speed networking, high-speed EBS, and I/O acceleration. Not having to hold back resources for management software means more savings that can be passed on to the customer.
NITRO CARDS
The Nitro Cards are a family of cards that offload and accelerate I/O functions, ultimately increasing overall system performance. Key cards include the Nitro Card for VPC, Nitro Card for EBS, Nitro Card for Instance Storage, Nitro Card Controller, and Nitro Security Chip.
NITRO SECURITY CHIP
The Nitro Security Chip enables the most secure cloud platform with a minimized attack surface, as virtualization and security functions are offloaded to dedicated hardware and software. Additionally, a locked-down security model prohibits all administrative access, including by Amazon employees, eliminating the possibility of human error and tampering.
NITRO HYPERVISOR
The Nitro Hypervisor is a lightweight hypervisor that manages memory and CPU allocation and delivers performance that is indistinguishable from bare metal.
AWS NITRO ENCLAVES
AWS Nitro Enclaves enables customers to create isolated compute environments to further protect and securely process highly sensitive data such as personally identifiable information (PII), healthcare, financial, and intellectual property data within their Amazon EC2 instances. Nitro Enclaves uses the same Nitro Hypervisor technology that provides CPU and memory isolation for EC2 instances.
- Video - re:Inforce - Security Benefits of EC2 Nitro Architecture (Launch Pad)
- Video - re:Inforce - Security Benefits of EC2 Nitro Architecture (Presentation)
- Video - re:Invent - Nitro Deep Dive (Presentation)
- Video - re:Invent - Evolution of Nitro System (Presentation)
- Jeff Barr Blog
- Perspectives - AWS Nitro System - James Hamilton